Georgia Tech experienced a data breach last month when a Georgia Institue of Technology web app exposed the information of 1.3 million current and former students, as well as applicants and staff members.
After discovering the breach in late March, the Georgia Tech cybersecurity team began investigating the damage. They found the compromised information could include names, addresses, Social Security numbers and birth dates.
“The U.S. Department of Education and University System of Georgia have been notified, and those whose data was exposed will be contacted as soon as possible regarding available credit monitoring services,” the school said in a statement.
This is the second data breach the school has endured after 8,000 students’ information was accidentally emailed to the wrong person in 2018.
In Jan. 2017, Georgia Governor Nathan Deal announced the state would invest $60 million for a cyber range and training facility at the school. The cybersecurity hub would combine expertise in academia, private industry and government to establish statewide cybersecurity standards.
“How ironic that a university with a high ranking in computer science, which offers courses in cybersecurity, got hacked,” said Dan Tuchler, CMO at Security First, a data security company. “This is a clear example of the need for encryption in personal data. Hackers always find a way in…”
Industry experts told SC Media that it is imperative for large institutions like Georgia Tech to maintain security due to the amount and type of information they possess.
“Academic institutions are a growing target for attacks given the personally identifiable information they collect,” said Ben Goodman, VP of global strategy and innovation at ForgeRock.
He believes the information will soon make its way to markets on the dark web.
“On Georgia Tech’s website, it boasts of 173 industry collaborators and 62 U.S. patents issued in 2017 alone. If the university doesn’t tighten its security controls, this kind of proprietary data is likely to be placed at risk,” said Anurag Kahol, CTO at Bitglass, a cybersecurity company.